Authenticating User Server-site for Refresh Token

[aperalta1437]

Question 💬

Hello everyone! I am using Next-Auth for a front-end Next.js application that utilizes a Spring boot back-end application. I am building both apps. I use the credentials provider to authenticate the user in the front-end; however, I would like to implement a refresh token and I've finished the implementation in my Spring boot API but in order to have the new access token saved onto the session I need to authenticate the user again so that the callbacks are triggered with the information I received from the back-end. In doing so, I created another credentials provider that will receive the access and refresh token and then refresh them. In order to have a solution that works server-side as well, I need to authenticate using the next-auth REST endpoints. In my case, I would have to make the below call:

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
const csrfToken = await getCsrfToken({ req: reqParams.context.req });
const token = await getToken({ req: reqParams.context.req, raw: true });
const response = await axios.post(
        "/api/auth/callback/refreshCredentials",
        new URLSearchParams({
          accessToken: reqParams.session.accessToken,
          refreshToken: reqParams.session.refreshToken,
          csrfToken,
        }),
        {
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Cookie: `next-auth.csrf-token=${csrfToken}; next-auth.callback-url=http%3A%2F%2Fadmin.localhost.com%3A3002%2Faccount; next-auth.session-token=${token}`,
          },
        }
      );
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

And every time I make the above call to refreshCredentials credentials provider, I always get 200 but the code in the provider never executes (I put console.log statements there to know). Is there anything that I am missing in the above call that Next-Auth requires?

How to reproduce ☕️

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
const csrfToken = await getCsrfToken({ req: reqParams.context.req });
const token = await getToken({ req: reqParams.context.req, raw: true });
const response = await axios.post(
        "/api/auth/callback/refreshCredentials",
        new URLSearchParams({
          accessToken: reqParams.session.accessToken,
          refreshToken: reqParams.session.refreshToken,
          csrfToken,
        }),
        {
          headers: {
            "Content-Type": "application/x-www-form-urlencoded",
            Cookie: `next-auth.csrf-token=${csrfToken}; next-auth.callback-url=http%3A%2F%2Fadmin.localhost.com%3A3002%2Faccount; next-auth.session-token=${token}`,
          },
        }
      );
///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

And for the provider:

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

CredentialProvider({
      id: "refreshCredentials",
      name: "refreshCredentials",
      credentials: {
        accessToken: {
          label: "Access Token",
          type: "text",
        },
        refreshToken: {
          label: "Refresh Token",
          type: "text",
        },
      },
      authorize: async (authData, req) => {
        console.log("authData refreshCredentials hkehdkh");           // THIS STATEMENT IS NEVER REACHED
        console.log(authData);
        console.log("req refreshCredentials");
        console.log(req);

        return {
          id: "1",
          name: "Angel kjbkjgkjbk",
          email: "[email protected]",
        };
      },
    })

///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Contributing 🙌🏽

Yes, I am willing to help answer this question in a PR